<?php
  include('header.php');
  $lang = "";
  $pageTitle = "$l_ucp";
  $male_c = "";
  $female_c = "";
  if (!isset($_SESSION['signed_in'])) {
      //header('location: signin.php');
      $pageContents = ob_get_contents();
      ob_end_clean();
      echo str_replace('<!--TITLE-->', $pageTitle, $pageContents);
      //the user is not signed in
      echo '<hr/><br /><div align="center">' . $l_you_need_to . ' <a class="loginlink" href="signin.php">' . $l_login_s . '</a> ' . $l_in_order_view . ' <br>' . $l_u_also . ' <a class="loginlink" href="signup.php">' . $l_register_s . '</a> ' . $l_for_acc . '</div><br />';
      exit;
  } else {
      //AVATAR UPLOAD
	  $notifications = "";
	  if (isset($_GET['notifications'])) {$notifications = mysql_real_escape_string($_GET['notifications']);}
      if ($avatars_upload == 1 and $notifications != 1) {
          echo "<script type='text/javascript'>

function showhide(id) {
  if (document.getElementById) {
    obj = document.getElementById(id);
    if (obj.style.display == '') {
      obj.style.display = 'none';
    } else {
      obj.style.display = '';
    }
  }
}
function showhideBOTH(id1,id2) {
  var status1 = document.getElementById(id1).style.display;  
  var status2 = document.getElementById(id2).style.display;  
  if ((status1 == 'none') && (status2 == 'none')) {
  showhide(id1);  showhide(id2);  return;
  }
  if ((status1 != 'none') && (status2 != 'none')) {
  showhide(id1);  showhide(id2);  return;
  }
}
</script>";
          $file_directory = dirname("./img/avatars/uploads/index.html");
          if (!is_writable($file_directory)) {
              echo "Warning: Uploads directory is not writable!";
          }
          
          define("MAX_SIZE", $avatars_upload_size);
          function getExtension($str)
          {
              $i = strrpos($str, ".");
              if (!$i) {
                  return "";
              }
              $l = strlen($str) - $i;
              $ext = substr($str, $i + 1, $l);
              return $ext;
          }
          
          $errors = 0;
          if (isset($_POST['Submit'])) {
              $image = $_FILES['image']['name'];
              if ($image) {
                  $filename = stripslashes($_FILES['image']['name']);
                  $extension = getExtension($filename);
                  $extension = strtolower($extension);
                  if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) {
                      echo '<h1>Unknown extension!</h1>';
                      $errors = 1;
                  } else {
                      $size = filesize($_FILES['image']['tmp_name']);
                      
                      if ($size > MAX_SIZE * 1024) {
                          echo '<h1>' . $l_err_upload_size_limit . '</h1>';
                          $errors = 1;
                      }
                      
                      $image_name = time() . '.' . $extension;
                      $newname = "img/avatars/uploads/" . $image_name;
                      $copied = copy($_FILES['image']['tmp_name'], $newname);
                      if (!$copied) {
                          echo '<h1>' . $l_copy_fail . '</h1>';
                          $errors = 1;
                      }
                  }
              }
          }
          
          if (isset($_POST['Submit']) && !$errors) {
              echo "<br />$l_file_ok<hr/><br/>";
              $upload_avatar = "uploads/" . $image_name;
              if ($image_name == "") {
                  $upload_avatar = "";
                  echo '<h1>' . $l_copy_fail . '</h1>';
                  $errors = 1;
              }
          }
      }
      if ($_SERVER['REQUEST_METHOD'] != 'POST') {
          echo "<hr /><br /><div align='left'>
<a class='profile' href='profile.php?profile=1'>$l_edit_profile</a>
<a class='profile' href='profile.php?contact=1'>$l_edit_contact</a>";
          
          if ($allow_avatars == '1') {
              echo " <a class='profile' href='profile.php?avatar=1'>$l_edit_avatar</a>";
          }
          
          echo " <a class='profile' href='profile.php?signature=1'>$l_edit_sig</a>
<a class='profile' href='profile.php'>$l_edit_board</a>
<a class='profile' href='profile.php?notifications=1'>$l_notifications</a>
<br/><br/>
</div>
";
          //AVATAR
		  
          if (isset($_GET['avatar']) and $_SERVER['REQUEST_METHOD'] != 'POST' and $allow_avatars == '1') {
              $pageTitle = "$l_user_avatar";
              echo "<b>$l_avatar</b><hr><br/>";
              echo '<script language="JavaScript" type="text/javascript">
<!--
function Selector(num)
{
document.form1.Image[num].checked = true;
}
-->
</script>
';
          }
          if ($_SERVER['REQUEST_METHOD'] != 'POST' and isset($_GET['avatar']) and $allow_avatars == '1') {
              $result = $db->query("SELECT user_avatar FROM " . $table_prefix . "users WHERE user_id =" . mysql_real_escape_string($_SESSION['user_id']) . "");
              if (!$result) {
                  echo "An error occured!";
                  die;
              }
              $row = $db->fetch_array($result,'assoc');
              $user_avatar = $row['user_avatar'];
              if ($avatars_upload == 1) {
                  if ($user_avatar == "Remove" or $user_avatar == "") {
                      echo '

<table style="width:320px";><tr><td align="left"><b><a href = "#" onclick="showhide(\'script1\'); return(false);">' . $l_upload_avatar . '</a></b><div style="display: none;" id="script1"><br/><form name="newad" method="post" enctype="multipart/form-data"  action="">

<input type="file" name="image">
<input name="Submit" type="submit" value="' . $l_upload_avatar . '"><br/>
&nbsp<i>(' . $l_max_size . ' ' . $avatars_upload_size . 'kb, ' . $avatar_width . 'x' . $avatar_width . ' px)</i><br/>&nbsp</form>
</div></tr></td></table>

 ';
                  }
              }
              echo '<div align="center"><table style="border-collapse: collapse; background-color:#F4F6FB;width:660px;" border = "1">
<tr><td><b>Select avatar</b></td><td></td><td></td><td></td><td></td></tr><tr>';
              echo '<form name="form1" id="form1" method="post">';
              
              $dirPath = dir('./img/avatars');
              $imgArray = array();
              $u_avatar = '<img width="' . $avatar_width . '" height="' . $avatar_height . '" src="./img/avatars/' . $row["user_avatar"] . '" border=0 name=""/>';
              $button = "submit";
              $a_status = "";
              if ($row['user_avatar'] == "" or $row['user_avatar'] == "Remove") {
                  $button = "hidden ";
                  $a_status = "No Avatar";
                  $u_avatar = "";
              }
              
              
              echo '<div align="center">"<b>' . $_SESSION["user_name"] . '</b>" avatar: <a STYLE="text-decoration:none" href="#remove" onclick="Selector(0);">
' . $u_avatar . '
<input TYPE=' . $button . ' name="Image" id="Image0" class="inputButton" type="radio" value="' . $l_avatar_remove . '"/></a>' . $a_status . '<br /><br /><hr><br />';
              while (($file = $dirPath->read()) !== false) {
                  if ((substr($file, -3) == "gif") || (substr($file, -3) == "jpg") || (substr($file, -3) == "png")) {
                      $imgArray[] = trim($file);
                  }
              }
              $dirPath->close();
              sort($imgArray);
              $c = count($imgArray);
              $count = -1;
              $counter = 1;
              for ($i = 0; $i < $c; $i++) {
                  $count++;
                  
                  if ($count == 5) {
                      echo "</tr><tr>";
                      $count = 0;
                  }
                  
                  echo '<td height="110px" width ="100px"><div align="center">
<a href="#' . $imgArray[$i] . '" onclick="Selector(' . $counter . ');">

<input name="Image" id="Image' . $counter . '" type="radio" value="' . $imgArray[$i] . '"/> <br /><img src="./img/avatars/' . $imgArray[$i] . '" width="64px" height="64px" border=0 name="' . $imgArray[$i] . '"/></a><br />' . $imgArray[$i] . '</div></td>';
                  $counter++;
              }
              
              echo '</tr></table>
<table style="width:660px";><tr><td align="center" height=36px width = 100px><input class="inputButton" type="submit" value="' . $l_submit . '" /></form></td></tr>
</table></div><br /><br />';
          }
          //END AVATAR
      } else {
	  $avatar = "";
	  if (isset($_POST['Image']))
          {$avatar = mysql_real_escape_string($_POST['Image']);}
          if ($_SERVER['REQUEST_METHOD'] == 'POST' and isset($_GET['avatar']) and ($_GET['avatar']) == 1  and $allow_avatars == '1') {
              $result = $db->query("SELECT user_avatar FROM " . $table_prefix . "users WHERE user_id =" . mysql_real_escape_string($_SESSION['user_id']) . "");
              if (!$result) {
                  echo "An error occured!";
                  die;
              }
              $row = $db->fetch_array($result,'assoc');
              // uploads/1279192850.jpg
              $myFile = $row['user_avatar'];
              $filename = str_replace("uploads/", "", $myFile);
              if (file_exists("./img/avatars/uploads/" . $filename . "") and $myFile!="") {
                  unlink("./img/avatars/uploads/" . $filename . "");
              }
              
              if ($avatar == "" and $upload_avatar != "") {
                  $avatar = $upload_avatar;
              }
              $result = $db->query("UPDATE " . $table_prefix . "users SET user_avatar = '" . $avatar . "' WHERE user_id = " . $_SESSION['user_id'] . "");
              if (!$result) {
                  echo "An error occured!";
                  die;
              }
              if (file_exists("./img/avatars/" . $avatar . "")) {
                  $cur_avatar = "<img width = '" . $avatar_width . "' height='" . $avatar_height . "' src='./img/avatars/" . $avatar . "'>";
              } else {
                  $cur_avatar = "<br />$l_noavatar";
              }
              if ($result) {
                  echo "<b>Information</b><hr><br/><div align='center'>$l_avatar_sel <br />" . $cur_avatar . "";
                  echo "<br /><br /><a href = 'profile.php?avatar=1'>$l_back_to_prev</a><br /><br /></div>";
                  die;
              }
          }
          //END AVATAR
      }
  }
  //CHANGE PROFILE
  if (!isset($_GET['avatar']) and isset($_GET['profile'])) {
      if ($_SERVER['REQUEST_METHOD'] != 'POST') {
	    $pageTitle = $l_edit_profile;
          $result = $db->query("SELECT * FROM " . $table_prefix . "users WHERE user_id = " . $_SESSION['user_id'] . " LIMIT 1");
          if (!$result) {
              echo "An error occured!";
              die;
          }
          $row = $db->fetch_array($result,'assoc');
		  if ($row['show_email']==1)
		  {$email_y="checked";$email_n="";}
		  else
		  {$email_y="";$email_n="checked";}
          if ($user_change_email == 1) {
              $disabled = "";
          } else {
              $disabled = 'disabled="disabled"';
          }
          //LANGUAGE
          if ($handle = opendir("./lang")) {
              $language = '<select name="sel_lang">';
              $selected = '';
              while (false !== ($file = readdir($handle))) {
                  if ($file != "." and $file != "index.html" and $file != "..") {
                      $lang = $lang . $file;
                      $sel_lang = str_replace(".php", "", $file);
                      if ($row['user_lang'] == $sel_lang) {
                          $selected = "selected";
                      } else {
                          $selected = "";
                      }
                      $language .= '<option  ' . $selected . ' value="' . $sel_lang . '">' . $sel_lang . '&nbsp;</option>';
                  }
              }
              $language .= '</select><br />';
          }
          //END LANGUAGE
          echo '<hr/><br/>

<form method="post" action=""><table class="registration" border=1><tr>
<th><b>&nbsp;' . $l_edit_profile . '</b></th>
<th></th></tr>

<tr>
<td width="155" height="36" ><div align="right"><b>' . $l_un . '</b></div></td><td> <div align="left">&nbsp;<input id="user_name" type="text" size="30" disabled name="user_name" value="' . $row["user_name"] . '"/></div></td></tr>

<tr>
<td height="36"><div align="right"><b>' . $l_curr_pw . '</b><br/>' . $l_curr_pw_explain . '</div></td><td> <div align="left">&nbsp;<input type="password" size="30" name="old_pass"/></div></td></tr>

<tr>
<td height="36"><div align="right"><b>' . $l_pw_new . '</b></div></td><td> <div align="left">&nbsp;<input type="password" size="30" name="user_pass" /></div></td></tr>

<tr>
<td height="36"><div align="right"><b>' . $l_confirm_pw . '</b></div></td><td> <div align="left">&nbsp;<input type="password" size="30" name="user_pass_check" /></div></td></tr>

<tr>
<td height="36"><div align="right"><b>' . $l_email . '</b></div></td><td> <div align="left">&nbsp;<input type="email" size="30" name="user_email" ' . $disabled . ' value = "' . $row["user_email"] . '"/></div></td>

<tr>
<td height="36"><div align="right"><b>'.$l_display_email.'</b><br /></td><td><div align="left">&nbsp; <input type="radio" name="show_email" '.$email_y.' value="1" /> Yes
<input type="radio" name="show_email" '.$email_n.' value="0" /> No </div></td></tr>

<tr><td height="36"><div align="right"><b>'.$l_language.'</b></div></td>
<td><div align="left">' . $language . '</div></td></tr>

<tr><td></td>
        <td height="36"><div align="left"><input type="submit" class="inputButton" value="' . $l_edit_profile . '" /></div>
       </td></tr></table></form>

<br />';
      }
      if ($_SERVER['REQUEST_METHOD'] == 'POST') {
          $result = $db->query("
		  UPDATE " . $table_prefix . "users 
		  SET 
		  user_lang='" . mysql_real_escape_string($_POST['sel_lang']) . "',
          user_level=".mysql_real_escape_string($_SESSION['user_level']).",
          show_email = 	" . mysql_real_escape_string($_POST['show_email']) . " 
		  WHERE 
		  user_id = " . $_SESSION['user_id'] . "") or die(mysql_error());
          $_SESSION['user_lang'] = mysql_real_escape_string($_POST['sel_lang']);
          
          if ($_POST["user_pass"] != "") {
              if ($_POST["user_pass"] != $_POST["user_pass_check"]) {
                  echo "<hr/><br><div align='center'>$l_error_pw_match<br/><br/><a href = 'profile.php?profile=1'>$l_back_to_prev</a></div><br/><br/>";
                  die;
              }
              $result = $db->query("
			  SELECT 
			  user_pass 
			  FROM " . $table_prefix . "users 
			  WHERE user_id = " . $_SESSION['user_id'] . "");
              if (!$result) {
                  echo "<hr/><br>An error occured!";
                  die;
              }
              $row = $db->fetch_array($result,'assoc');
              
              if (sha1(mysql_real_escape_string($_POST["old_pass"]) ) == $row['user_pass']) {
                  $result5 = $db->query("
				  UPDATE " . $table_prefix . "users 
				  SET 
				  user_pass='" . sha1(mysql_real_escape_string($_POST['user_pass'])) . "', 
				  user_lang='".mysql_real_escape_string($_POST[sel_lang])."', 
				  user_level=".mysql_real_escape_string($_SESSION['user_level']).",
				  show_email = 	" . mysql_real_escape_string($_POST['show_email']) . " 
				  WHERE 
				  user_id = $_SESSION[user_id]") or die(mysql_error());
				  
                  if ($result5) {
                      echo "<hr/><br><div align='center'>$l_profile_upd<br/><br/><a href = 'profile.php?profile=1'>$l_back_to_prev</a></div><br/><br/>";
                      die;
                  }
              } else {
                  echo "<hr/><br><div align='center'>$l_error_wrong_password<br/><br/><a href = 'profile.php?profile=1'>$l_back_to_prev</a> </div><br/><br/>";
                  die;
              }
          }
          if ($user_change_email == 1) {
              $result = $db->query("SELECT user_email FROM " . $table_prefix . "users WHERE user_id = " . $_SESSION['user_id'] . "");
              if (!$result) {
                  echo "<hr/><br>An error occured!";
                  die;
              }
              $row = $db->fetch_array($result,'assoc');
              if ($row["user_email"] != $_POST['user_email'] and $user_change_email == 1) {
                  if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$", $_POST['user_email'])) {
                      echo "$l_error_email_valid";
                      die;
                  }
              } else {
                  $result = $db->query("SELECT 
				  user_email 
				  FROM " . $table_prefix . "users 
				  WHERE user_email = '" . mysql_real_escape_string($_POST['user_email']) . "'");
                  if (mysql_num_rows($result) == 0) {
                      $result5 = $db->query("
					  UPDATE " . $table_prefix . "users 
					  SET 
					  user_email='".mysql_real_escape_string($_POST[user_email])."', 
					  user_lang='".mysql_real_escape_string($_POST[sel_lang])."', 
					  user_level=".mysql_real_escape_string($_SESSION['user_level']).",
					  show_email = 	" . mysql_real_escape_string($_POST['show_email']) . " 
					  WHERE 
					  user_id = " . mysql_real_escape_string($_SESSION['user_id']) . "") or die(mysql_error());
                      echo "<hr/><br><div align='center'>$l_profile_upd<br/><br/><a href = 'profile.php?profile=1'>$l_back_to_prev</a></div><br/><br/>";
                  } else {
                      echo "<hr/><br><div align='center'>$l_error_used_email<br/><br/><a href = 'profile.php?profile=1'>$l_back_to_prev</a> </div><br/><br/>";
                  }
              }
          } else {
              echo "<hr/><br><div align='center'>$l_profile_upd<br/><br/><a href = 'profile.php?profile=1'>$l_back_to_prev</a></div><br/><br/>";
          }
      }
      //END CHANGE PROFILE
  }
  //NOTIFICATIONS
  if (isset($_GET['notifications']) and $_SERVER['REQUEST_METHOD'] != 'POST') {
  $pageTitle = $l_notifications;
      echo "<script language=\"JavaScript\">
function toggle(source) {
  checkboxes = document.getElementsByName('checkbox[]');
  for(var i in checkboxes)
    checkboxes[i].checked = source.checked;
}
</script>
<b>$l_t_subscribe</b>
<hr><br>
<div align='center'><table style='width:98%;' border=1>
<form name ='myform' action='' method='post'>
<tr><th>&nbsp;<input type='checkbox' onClick='toggle(this)' /> <b>$l_subject</b></th></tr>";
      $result = $db->query("SELECT * FROM " . $table_prefix . "topics_watch WHERE user_id=" . $_SESSION['user_id'] . " ");
      if (mysql_num_rows($result) > 0) {
          while ($list = $db->fetch_array($result,'assoc')) {
              $result2 = $db->query("SELECT topic_id, topic_subject, topic_starter FROM " . $table_prefix . "topics WHERE topic_id =$list[topic_id] ");
              $row = mysql_fetch_assoc($result2);
              echo '';
              echo '<tr><td height="26px">&nbsp;<input type="checkbox" name="checkbox[]" value="' . $row[topic_id] . '"> <a style="font-weight:bold;" href="topic.php?t=' . $row[topic_id] . '">' . $row[topic_subject] . '</a> ' . $l_by . ' ' . $row[topic_starter] . '</td></tr>
';
          }
          echo '<tr><td><br><input class="menuButtons" type="submit" name="Submit" value="' . $l_t_unsubscribe . '">';
      }
      //end num rows
      else {
          echo "<tr><td>$l_t_nonotify</td></tr>";
      }
      echo "</td></tr><table></div><br><br><br><br>";
  }
  //end if
  if (isset($_GET['notifications']) and $_SERVER['REQUEST_METHOD'] == 'POST') {
      if (isset($_POST['Submit'])) {
          for ($i = 0; $i < count($_POST['checkbox']); $i++) {
              echo "<br />value $i = " . $_POST['checkbox'][$i];
              $result = $db->query("DELETE FROM " . $table_prefix . "topics_watch WHERE topic_id = " . $_POST['checkbox'][$i] . "");
              if ($result) {
                  header('location: profile.php?notifications=1');
              } else {
                  echo "$l_error_occured";
              }
          }
      }
  }
  //SIGNATURE
  if (isset($_GET['signature']) and $_SERVER['REQUEST_METHOD'] != 'POST' and $allow_user_signature == '1') {
  $pageTitle = $l_edit_sig;
      include('functions.php');
      include('show_smilies.php');
      $my_sig = "";
      $result = $db->query("SELECT user_signature FROM " . $table_prefix . "users WHERE user_id = $_SESSION[user_id] LIMIT 1");
      if (mysql_num_rows($result) >= 1) {
          $row = $db->fetch_array($result,'assoc');
          $my_sig = $row['user_signature'];
          $my_sig = BBDecode($my_sig);		  
      }
      $if_smilies = "";
      $endif_smilies = "";
      $if_guest_post = "";
      $endif_guest_post = "";
      
      if ($allow_smilies == 0) {
          $if_smilies = "<!--";
          $endif_smilies = "-->";
      }
      
      if ($allow_smilies == 1) {
          $if_smilies = "";
          $endif_smilies = "";
      }
      
      $editor_css = "./style/$default_style/editor_reply.css";
      $editor = "./style/$default_style/editor.js";
      
      echo '<form name="myForm" method="post" action=""';
      
      if ($default_wysiwyg == "1") {
          $default_editor = "";
      }
      if ($default_wysiwyg != "1") {
          $default_editor = "SwitchEditor()";
      }
      
      $tags = array('{Message}', '{MORE_SMILIES}', '{DISABLE_SMILIES}', '{F_ID}', '{T_ID}', '{POST_TOPIC}', '{EDITOR_CSS}', '{EDITOR}', '{WYSIWYG}', '{IF_SMILIES}', '{END_SMILIES}', '{SIGNATURE}');
      $data = array(''.$l_edit_sig.'  (max. ' . $signature_max_char . ' '.$l_max_char.')', $l_more_smilies, $l_dissmilies, $fid, $topicid, $l_edit_sig, $editor_css, $editor, $default_editor, $if_smilies, $endif_smilies, $my_sig);
      echo str_replace($tags, $data, file_get_contents("./style/$default_style/edit_signature.html"));
      echo "</form>";
//PREVIEW SIGNATURE
  $preview = $my_sig;
  $preview = str_replace('%69%66%72%61%6D%65', 'iframe', $preview);
  $preview = BBCode($preview);
  $preview = str_replace("\n", "<br>", $preview);
  $preview = smilies($preview, 'img/smilies/');
//END PREVIEW SIGNATURE
  echo "<table><tr><th>&nbsp;<b>$l_sig_prev</b></th></tr><tr><td>$preview</td></tr><tr><th></th></tr></table><br><br><br>";	  
	  
  }
  if (isset($_GET['signature']) and $_SERVER['REQUEST_METHOD'] == 'POST' and $allow_user_signature == '1') {
      $sig = $_POST['reply'];
      if ((strlen($sig) > $signature_max_char)) {
          echo "<hr><br/><div align=\"center\"><span style='color:red'>$l_message_many<br /><br /></span>
<a href=\"#reply\" onClick='history.go(-1)'>$l_back_to_prev</a></div><br><br>";
      } else {
          include('functions.php');
          include('show_smilies.php');
          if ($bad_word_filter == 1) {
              include 'word_filter.php';
          }
          $text = $_POST['reply'];
		  $text = my_nl2br($text); //Remove double or miltiple new lines
          if ($bad_word_filter == 1) {
              $filter = $db->query("SELECT * FROM " . $table_prefix . "word_filter");
              $word_filter = mysql_fetch_assoc($filter);
          }
          
          //BAD WORD FILTER
          if ($bad_word_filter == 1) {
              if ($word_filter['bad_words'] != "") {
                  $banned_word_list = $word_filter['bad_words'];
                  $text = wordfilter($banned_word_list, $text);
              }
          }
          //BAD WORD FILTER
          $text = convEnt2($text);
          $disable_smilies = "0";
          if (isset($_POST['dissmilies']) && $_POST['dissmilies'] == 'on') {
              $disable_smilies = "1";
              $text = DisableSmilies($text);
          }
          $text = str_replace('iframe', '%69%66%72%61%6D%65', $text);
		  
          $text = BBCode($text);
          $result = $db->query("
		  UPDATE " . $table_prefix . "users 
		  SET 
		  user_signature='$text' 
		  WHERE 
		  user_id = " . mysql_real_escape_string($_SESSION['user_id']) . " 
		  LIMIT 1");
          echo "<hr><br><div align='center'>$l_profile_upd<br><br><a href='profile.php?signature=1'>$l_back_to_prev</a><br><br></div>";
      }
  }
  //END SIGNATURE

//Contact informaction  
  if (isset($_GET['contact']) and $_SERVER['REQUEST_METHOD'] != 'POST') 
  {
  include('functions.php');
//GET old user info
$result =  $db->query("SELECT 
user_msn, 
user_www, 
user_location, 
user_occupation, 
user_interests, 
user_birthday,
user_show_age,
user_gender,
user_about
FROM " . $table_prefix . "users 
WHERE user_id = " . mysql_real_escape_string($_SESSION['user_id']) . " 
LIMIT 1
"
);
$row = $db->fetch_array($result,'assoc');

$msn = $row['user_msn'];
$www = $row['user_www'];
$location = $row['user_location'];
$occ = $row['user_occupation'];
$int = $row['user_interests'];
$birthday = $row['user_birthday'];
$show_age = $row['user_show_age'];
$me = $row['user_about'];

$me = str_replace("<br>", "\n", $me );
$me = BBDecode($me);
$yyyy = 0;
$dd = 0;
$mm = 0;
if (strstr($birthday,"-"))
{
$parts=explode("-", $birthday);
$dd = $parts[0];
$mm = $parts[1];
$yyyy = $parts[2];
}
$age = date("Y")-$yyyy;
$agey="";$agen="checked";
if ($show_age==1) {$agey="checked";$agen="";}

$gender = $row['user_gender'];
$gender_image = "";
if ($gender ==1) {$male_c = "selected"; $female_c="";
$gender_image = "<img align='absmiddle' src='./style/$default_style/img/male.gif'>";}
if ($gender ==2) {$male_c = ""; $female_c="selected";
$gender_image = "<img align='absmiddle' src='./style/$default_style/img/female.gif'>";}

 $pageTitle = $l_edit_contact;
  echo "<hr><br><form method='post' action=''>
  <table class='registration' border=1><tr><th><b>&nbsp;$l_edit_contact</b></th><th></th></tr>
  <tr>
<td height='36'><div align='right'><b>$l_msn:</b></div></td><td><div align='left'>&nbsp; <input MAXLENGTH=50 value='$msn' id='forum' type='text' name='msn' size='42'/></div></td></tr>
  <tr>
<td height='36'><div align='right'><b>$l_www:</b></div></td><td><div align='left'>&nbsp; <input MAXLENGTH=55 value='$www' id='forum' type='text' name='www' size='42'/></div></td></tr>
  <tr>
<td height='36'><div align='right'><b>$l_location:</b></div></td><td><div align='left'>&nbsp; <input MAXLENGTH=50 value='$location' id='forum' type='text' name='location' size='42'/></div></td></tr>
  <tr>
<td height='36'><div align='right'><b>$l_occ:</b></div></td><td><div align='left'>&nbsp; <textarea style='width:265px;height:50px;font-size:11px;' name='occupation'>$occ</textarea></div></td></tr>
  <tr>
<td height='36'><div align='right'><b>$l_interests:</b></div></td><td><div align='left'>&nbsp; <textarea style='width:265px;height:50px;font-size:11px;' name='interests'>$int</textarea></div></td></tr>
";
?>
<td height='36'><div align='right'><b><?php echo "$l_birthday:" ?></b></div></td><td><div align='left'>&nbsp; 
<select name="day">
<option value="">---&nbsp;</option>
	<?for($day=1; $day <= 31; ++$day):?>
		<?
				//this code is adding a 0 before all values less than 10
				//you don't need this code, but I prefer to have 2 digit values
		if($day < 10)
		{
			$day = "0".$day;
		}
		$day_sel = "";
		if ($day == $dd) {$day_sel = "selected";}
		?>
		<option <?=$day_sel?> value="<?=$day?>"><?=$day?></option>
	<?endfor;?>
</select>
<select name="month">
<option value="">---&nbsp;</option>
	<?for($month=1; $month <= 12; ++$month):?>
		<?
				//this code is adding a 0 before all values less than 10
				//you don't need this code, but I prefer to have 2 digit values
		if($month < 10)
		{
			$month = "0".$month;
		}
		$mm_sel = "";
		if ($month == $mm) {$mm_sel = "selected";}
		?>
		
		<option <?=$mm_sel?> value="<?=$month?>"><?=$month?></option>
	<?endfor;?>
</select>
<select name="year">
	<?
		//The 100 value here is the amount of years to go back
	$year = date("Y");
		//The 100 value here is the amount of years to go forward
		//because i went back 100 years, i'm going forward 60 years so the dropdown will always have the current year, going back 100 years.
		echo "<option value=''>--------&nbsp;</option>";
	for ($i = 100; $i >= 0; --$i)
	{
	$yy_sel = "";
		if ($year == $yyyy) {$yy_sel = "selected";}
		echo "<option $yy_sel>$year</option>"; --$year;
	}
	?>
</select>
</div></td></tr>
<? 
echo "<tr>
<td height='36'><div align='right'><b>$l_dis_age:</b></td><td><div align='left'>&nbsp; <input type='radio' name='showage' $agey value='1' /> Yes
<input type='radio' name='showage' $agen value='0' /> No</div></td></tr>
<tr>
<td height='36'><div align='right'><b>$l_gender:</b></td><td><div align='left'>
&nbsp; <select name='gender'>
<option value='0'>--</option>
<option $male_c value='1'>$l_male</option>
<option $female_c value='2'>$l_female</option>
</select> $gender_image
</div> </td></tr>

<tr>
<td height='36'><div align='right'><b>$l_about_me</b><br>$l_about_max_char<br><br><a href='./style/default/help_bbcode.html' target='_blank' title='BBCode help'>$l_bbcode_enabled</a></div></td><td><div align='left'>&nbsp; <textarea style='width:265px;height:100px;font-size:11px;' name='aboutme'>$me</textarea></div></td></tr>

<td height='36'></td><td><div align='left'><input type='submit' class='menuButtons' value='$l_edit_profile' /></div></td>
</tr></td></table></form>";
} //END contact information fields


if (isset($_GET['contact']) and $_SERVER['REQUEST_METHOD'] == 'POST') 
  {
  include('functions.php');
  $msn = strip_tags(mysql_real_escape_string($_POST['msn']));
  $www = strip_tags(mysql_real_escape_string($_POST['www']));
  $location = strip_tags(mysql_real_escape_string($_POST['location']));
  $occupation = strip_tags(mysql_real_escape_string($_POST['occupation']));
  $interests = strip_tags(mysql_real_escape_string($_POST['interests']));
  $day = strip_tags(mysql_real_escape_string($_POST['day']));
  $month = strip_tags(mysql_real_escape_string($_POST['month']));
  $year = strip_tags(mysql_real_escape_string($_POST['year']));
  $show_age = mysql_real_escape_string($_POST['showage']);
  $gender = mysql_real_escape_string($_POST['gender']);
  $me = $_POST['aboutme'];
  $me = my_nl2br($me);
  $me = convEnt2($me);
  $me  = str_replace("\n", "<br>", $me );
  $me = BBCode($me);
  $me = substr($me,0,$about_me_char);
  
  if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$/i", $msn)) {$msn="";}
  
  $sql = "UPDATE " . $table_prefix . "users SET ";
  $sql.=" user_msn = '$msn'";
  if ($www !="") {$sql.=", user_www = '$www'";}
  if ($gender !="" or $gender !=0) {$sql.=", user_gender = $gender";}
  if ($location !="") {$sql.=", user_location = '$location'";}
  if ($occupation !="") {$sql.=", user_occupation = '$occupation'";}
  if ($interests !="") {$sql.=", user_interests = '$interests'";}
  if ($day !="" AND $month!="" AND $year!="") {$sql.=", user_birthday = '$day-$month-$year'";}
  if ($me !="" ) {$sql.=", user_about = '$me'";}
  $sql.=", user_show_age = $show_age ";
  $sql.=" WHERE user_id = " . mysql_real_escape_string($_SESSION['user_id']) . "";
  
  $result = $db->query($sql);
  
  if ($result) {echo "<hr><br><div align='center'>$l_profile_upd<br><br><a href='profile.php?contact=1'>$l_back_to_prev</a><br><br></div>";}
  }


  
  $pageContents = ob_get_contents();
  ob_end_clean();
  echo str_replace('<!--TITLE-->', $pageTitle, $pageContents);
?> 